Hello Sanjay,

There was no technical difficulty. That was just a POC to prove the vulnerability and not to exploit it in the wild. The choice at your disposal is limitless. You can also debug the program on Windows 2003 Server and include the offsets. You can debug it on Windows 2000 Professional, Windows in Chinese language ;), Windows in Japanese, Windows in other languages.

Regards,
Tauqeer Ahmad

--- Sanjay Rawat <sanjayr@xxxxxxxxxx> wrote:

---------------------------------
Hello Ahmad:

I am wondering why you have not given an option for Windows 2000 SP4 Professional in your Python code. Is there any technical difficulty? I think one can include the following snippet in your code after line #95

---------------------------------------
elif value == '4':
    eip = "\x29\x4c\xE1\x77"  # 77E14c29 JMP ESP IN USER32.DLL (windows 2000 Prof. SP4)
-------------------------------------

Please correct me if I am missing something. As of now, I could not test this addition though.

regards
-Sanjay

At 09:48 PM 5/17/2006, Tauqeer Ahmad wrote:

Hi,

The exploit that I published for freeSSHd 1.0.9 will work against freeFTPd 1.0.10 as well. Upgrade to the latest version of freeFTPd.

http://www.securityfocus.com/data/vulnerabilities/exploits/2680392359-ssh.py

Disclaimer: All the information and exploit in this mail and the previous are provided for educational purposes only. Please do not, I repeat, do not run this exploit against any system without prior permission.

Regards,
Tauqeer Ahmad
0x-Scientist-x0

Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta, Hyderabad 500082 | India
Office: + 91 4023358927/28 Extn 422
Website: www.intoto.com
Homepage: http://sanjay-rawat.tripod.com